Virtumonde and Trojan Dialer..Please help!


60 replies to this topic

#46 Siggyx (SuperHelper, 6,776 posts)
Posted 28 July 2006 - 12:30 PM

What version of Norton did you have?


#47 appraisermtt (Authentic Member, 34 posts)
Posted 28 July 2006 - 12:34 PM

That's just it..I don't have Norton anymore! I USED to have the bundled all-in-one Antivirus, SystemWorks, Ghost, etc. etc..but I thought I got rid of it all!! As I read on numerous websites, apparently it is very difficult to remove completely??? I just noticed that all these spyware/virus scans still note a folder called "nprotect" which I'm pretty sure is a Norton folder....

#48 Siggyx (SuperHelper, 6,776 posts)
Posted 28 July 2006 - 12:35 PM

Do you remember what year version it was?

#49 Siggyx (SuperHelper, 6,776 posts)
Posted 28 July 2006 - 12:44 PM

Let's do some cleaning

1) You can remove the avenger folder and that will eliminate those files.

2) The slow down does sound like too many scanners etc opening. I would remove them all for now and see how things go from there and add back the ones you want to keep.

3) Download ccleaner from the link below, save it to your desktop. Open ccleaner and click on run ccleaner at the bottom right.

http://www.majorgeek...wnload4191.html

4) Next download Regseeker from the link below. Save it to your desktop. Open Regseeker and click on clean registry, next click ok. Once the scan is complete make sure "make backups" is checked, then select all and delete it.

http://www.majorgeek...wnload2579.html

5) Download ATF Cleaner:
http://www.atribune....tent/view/19/2/
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

When done a prompt appears informing of such.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

6) Next you need to clean out your system restore. You can do that by turning it off then back on.

To turn off Windows XP System Restore:

NOTE: These instructions assume that you are using the default Windows XP Start Menu and have not changed to the Classic Start menu. To re-enable the default menu, right-click Start, click Properties, click Start menu (not Classic) and then click OK.


1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore" or "Turn off System Restore on all drives" as shown in this illustration:
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
8. Proceed with what you need to do; for example, virus removal. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows XP System Restore:

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
5. Click Apply, and then click OK.

7) Let's try this for Norton

Follow the steps at the link below.

http://service1.syma...n...v=&osv_lvl=

Let me know how it goes.

#50 appraisermtt (Authentic Member, 34 posts)
Posted 28 July 2006 - 12:47 PM

2003 or 2004 I believe... here is what's left on my computer that I've found so far: C:\Program Files\Norton SystemWorks\Norton CleanSweep\Backup contains a few *.BUD files which, if I recall, were maybe old viruses or something that are quarantined?? Maybe? And this C:\Program Files\Norton SystemWorks\LNK_UNDO which has no files in it..it's just blank. By the way...what do you think about me using Mozilla Firefox and Thunderbird??? It seems a lot safer...Do you?

#51 appraisermtt (Authentic Member, 34 posts)
Posted 28 July 2006 - 12:54 PM

Can I get rid of everything Avenger?

#52 Siggyx (SuperHelper, 6,776 posts)
Posted 28 July 2006 - 01:28 PM

yes

#53 appraisermtt (Authentic Member, 34 posts)
Posted 28 July 2006 - 02:50 PM

Whew...all done! Computer seems to be running fine...no problems with all those tasks...Although I did have to run RegSeeker a few times for it to find everything.... I am now running another Kaspersky scan and it still has found 1 virus so far...(If I recall..I still have a C:\!Killbox folder on my computer which always showed having a virus or something...should I remove that whole folder???

#54 Siggyx (SuperHelper, 6,776 posts)
Posted 28 July 2006 - 09:37 PM

Yes you can remove that also.

#55 appraisermtt (Authentic Member, 34 posts)
Posted 31 July 2006 - 09:59 AM

OK..here is the scan....What does it mean when it says "Object is Locked - Skipped"? I notice some of the files it mentions are things I had open at the time...is that why??? Also..notice the "C:\recycler" stuff...Can I get rid of that whole directory?

KASPERSKY ONLINE SCANNER REPORT
Monday, July 31, 2006 11:49:33 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/07/2006
Kaspersky Anti-Virus database records: 211069

Scan Settings
Scan using the following antivirus database  extended
Scan Archives  true
Scan Mail Bases  true

Scan Target  My Computer
A:\ C:\ D:\ E:\ W:\ X:\ Y:\ Z:\

Scan Statistics
Total number of scanned objects  68615
Number of viruses found  3
Number of infected objects  3 / 0
Number of suspicious objects  0
Duration of the scan process  02:10:09

Infected Object Name  Virus Name  Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\LocalService\NTUSER.DAT  Object is locked  skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\.housecall\Quarantine\A0001713.dll.bac_a01972  Infected: not-a-virus:AdWare.Win32.Virtumonde.cq  skipped
C:\Documents and Settings\Matt Thoren\Application Data\MailFrontier\logger\all\20060731.txt  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Cookies\index.dat  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\Application Data\Identities\{7C2CADAC-7DAD-4C9C-B2B3-6AEF13480E5B}\Microsoft\Outlook Express\Folders.dbx  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\Application Data\Identities\{7C2CADAC-7DAD-4C9C-B2B3-6AEF13480E5B}\Microsoft\Outlook Express\Inbox.dbx  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\Application Data\Identities\{7C2CADAC-7DAD-4C9C-B2B3-6AEF13480E5B}\Microsoft\Outlook Express\Offline.dbx  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\Application Data\Identities\{7C2CADAC-7DAD-4C9C-B2B3-6AEF13480E5B}\Microsoft\Outlook Express\Pop3uidl.dbx  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\History\History.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\History\History.IE5\MSHist012006073120060801\index.dat  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\Temp\INMEM000.REM  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\Temp\REPORT\zoo7A.tmp  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\Temp\Report32\PDOXUSRS.LCK  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\Temp\~DFC8AD.tmp  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\Temp\~DFDCCB.tmp  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\Local Settings\Temporary Internet Files\Content.IE5\index.dat  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\NTUSER.DAT  Object is locked  skipped
C:\Documents and Settings\Matt Thoren\ntuser.dat.LOG  Object is locked  skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat  Object is locked  skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG  Object is locked  skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT  Object is locked  skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG  Object is locked  skipped
C:\Program Files\ACI32\Databases\Common\PDOXUSRS.NET  Object is locked  skipped
C:\Program Files\ACI32\REPORTS\41863.aci  Object is locked  skipped
C:\Program Files\ACI32\REPORTS\47979.aci  Object is locked  skipped
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MailBuddy.log  Object is locked  skipped
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\Matador_Outlook_Express.log  Object is locked  skipped
C:\RECYCLER\NPROTECT\00013656.exe  Infected: not-a-virus:AdWare.Win32.WinAD.bl  skipped
C:\RECYCLER\S-1-5-21-270800707-4088190255-1608279117-1006\Dc49\7d88571.exe  Infected: Trojan-Downloader.Win32.Obfuscated.n  skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP1\change.log  Object is locked  skipped
C:\WINDOWS\Debug\PASSWD.LOG  Object is locked  skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt  Object is locked  skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt  Object is locked  skipped
C:\WINDOWS\Internet Logs\HAL.ldb  Object is locked  skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB  Object is locked  skipped
C:\WINDOWS\Internet Logs\tvDebug.log  Object is locked  skipped
C:\WINDOWS\SchedLgU.Txt  Object is locked  skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log  Object is locked  skipped
C:\WINDOWS\Sti_Trace.log  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM  Object is locked  skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG  Object is locked  skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT  Object is locked  skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR  Object is locked  skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP  Object is locked  skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER  Object is locked  skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP  Object is locked  skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP  Object is locked  skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA  Object is locked  skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP  Object is locked  skipped
C:\WINDOWS\temp\ZLT074ef.TMP  Object is locked  skipped
C:\WINDOWS\temp\ZLT074f6.TMP  Object is locked  skipped
C:\WINDOWS\WIADEBUG.LOG  Object is locked  skipped
C:\WINDOWS\WIASERVC.LOG  Object is locked  skipped
C:\WINDOWS\WindowsUpdate.log  Object is locked  skipped

Scan process completed.


#56 Siggyx (SuperHelper, 6,776 posts)
Posted 31 July 2006 - 08:20 PM

They are effectively system files that store data.

What are Index.dat files?
Index.dat files are used by Internet Explorer and Windows to store history, Internet cache, cookies, UserData records and other information about what you have done on the Internet or on your PC. Although some of their functions are useful, they are a dangerous privacy threat: any person with even a little knowledge about index.dat file locations and structure can see the history of almost all of your computer activities. Index.dat files are not the only privacy threat, but they are the most obscure and dangerous one because they are hard to find and even harder to delete. In fact, in most cases it is impossible to delete Index.dat files manually because Internet Explorer and Windows use them all the time.


You can clean out the recycler by right clicking on the recycle bin and then choosing empty.
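A small triage script, added here as an example and not part of this thread, that reads a report in the layout posted above and separates the "Object is locked / skipped" entries (files Windows or IE held open, which the scanner could not read and which are not detections) from real hits, flagging hits that sit in quarantine, recycle-bin or restore-point folders as leftovers to empty rather than active infections. The sample report is constructed: the paths are modelled on the one above, and the placeholder.dll line is made up to show what a live hit looks like.

```python
import re

# Constructed sample in the layout of the Kaspersky Online Scanner 5.x report quoted
# in this thread: path, then status, then last action. placeholder.dll is made up.
SAMPLE_REPORT = r"""
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\.housecall\Quarantine\A0001713.dll.bac_a01972 Infected: not-a-virus:AdWare.Win32.Virtumonde.cq skipped
C:\RECYCLER\NPROTECT\00013656.exe Infected: not-a-virus:AdWare.Win32.WinAD.bl skipped
C:\RECYCLER\S-1-5-21-270800707-4088190255-1608279117-1006\Dc49\7d88571.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\WINDOWS\SYSTEM32\placeholder.dll Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
Scan process completed.
"""

# Status is "Object is locked" (file in use, never scanned) or "Infected: <name>"; last word is the action.
ENTRY = re.compile(
    r"^(?P<path>.+?) (?:(?P<locked>Object is locked)|Infected: (?P<name>\S+)) (?P<action>\S+)$"
)

# Folders whose contents are already out of the execution path: a hit there is
# leftover material to empty, not an active infection.
CONTAINED_MARKERS = ("\\quarantine\\", "\\recycler\\", "\\system volume information\\")


def parse_report(text):
    """Return one dict per scanned object; header, statistics and footer lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({"path": m.group("path"), "name": m.group("name"),
                            "locked": bool(m.group("locked")), "action": m.group("action")})
    return entries


def triage(entries):
    """Sort entries into in-use files (no action needed), contained hits, and live hits."""
    result = {"locked": [], "contained": [], "live": []}
    for e in entries:
        if e["locked"]:
            result["locked"].append(e["path"])
        elif any(marker in e["path"].lower() for marker in CONTAINED_MARKERS):
            result["contained"].append((e["path"], e["name"]))
        else:
            result["live"].append((e["path"], e["name"]))
    return result


if __name__ == "__main__":
    t = triage(parse_report(SAMPLE_REPORT))
    print(f"{len(t['locked'])} in-use files skipped (not detections)")
    print(f"{len(t['contained'])} hits inside quarantine/recycle-bin folders: empty those folders")
    for path, name in t["live"]:
        print(f"LIVE: {name} at {path}")
```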

#57 appraisermtt (Authentic Member, 34 posts)
Posted 01 August 2006 - 07:37 AM

Well, should I try to get rid of them??? How? Also, what do you think of ismon.exe and ishost.exe?? I've read they are harmful???

#58 Siggyx (SuperHelper, 6,776 posts)
Posted 01 August 2006 - 12:25 PM

Also, what do you think of ismon.exe and ishost.exe??


I may be going blind, which there is always a chance of, but I do not see these in your scan or your hijackthis log.

#59 appraisermtt (Authentic Member, 34 posts)
Posted 02 August 2006 - 07:37 AM

I agree..they are not in the HJT log, but they are listed in my ZoneAlarm "Program Control" as "programs that have tried to access the internet or local network". They are listed as being located at C:\WINDOWS\SYSTEM32\ismon.exe and C:\WINDOWS\SYSTEM32\ishost.exe. I went to that directory and they are not there...so maybe they used to be at some point?? Oh well... So I guess we are done?? I thank you VERY much for all your help!!!!!!

#60 Siggyx (SuperHelper, 6,776 posts)
Posted 02 August 2006 - 07:39 AM

Yes we are done. Glad everything worked out. You had a lot of variants in there which took the time to get them all.

If you don't have these three programs I would recommend that you get them: Spywareblaster, Spywareguard and IESPY AD. They will add 1000's of sites to your restricted zone and block some hijacks from happening. In my signature below is also a tutorial on how to harden IE, a good read and very helpful to stop these things in the future. I also have a FREE FIREWALL and FREE ANTI VIRUS if you need one.

It is critical to have both a firewall and anti virus to protect your system.

Keep your system up to date and run Adaware & Spybot, once a week works, and hopefully you will be ok from here on.

Safe Surfing. :D
